From e2e77ed55687cb92c6f5a273995daf64dedef848 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner
Date: Wed, 26 Jun 2019 08:47:58 +0200
Subject: Protect MsgClient via SSL (ink Client Authentication)
- Add Component to create SSLContexts with own Key- and trust store.
- Inject SSLContext into HTTP Client.
- Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils).
Schema Changes in mzs:DeliveryRequest/Config:
- Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaces the result of zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed.
- Add ClientType, which holds all parameters needed to connect to a service (Url, SSL params, a.o.).
Configuration:
- Add default parameters for SSL Clients in application.yaml.
- Merge default parameters into incoming mzs:DeliveryRequests.
MoaZSException Fixes:
- Remove "Extends throwable" from Builder.
- Add convenient shorthand init method (message, throwable).
Refactor:
- Put "determinePath" to FileUtils.
- Put string related utility functions into StringUtils.
---
 .../java/at/gv/egiz/moazs/config/MoaSigConfig.java | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
(limited to 'src/main/java/at/gv/egiz/moazs/config')
diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
index 05ecac1..0b7bdc7 100644
--- a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
+++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
@@ -2,10 +2,12 @@ package at.gv.egiz.moazs.config;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService;
+import at.gv.egiz.moazs.util.FileUtils;
 import at.gv.egiz.moazs.verify.MoaSPSSSignatureVerifier;
 import at.gv.egiz.moazs.verify.SignatureVerifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -28,15 +30,18 @@ public class MoaSigConfig {
 private final String keyStoreType;
 private final String defaultTrustProfile;
 private final String spssConfigFilePath;
+ private final FileUtils fileUtils;
 public MoaSigConfig(@Value("${javax.net.ssl.trustStoreType}") String trustStoreType,
 @Value("${javax.net.ssl.keyStoreType}") String keyStoreType,
 @Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
- @Value("${moa.spss.server.configuration}") String spssConfigFilePath) throws FileNotFoundException {
+ @Value("${moa.spss.server.configuration}") String spssConfigFilePath,
+ @Autowired FileUtils fileUtils) throws FileNotFoundException {
 this.trustStoreType = trustStoreType;
 this.keyStoreType = keyStoreType;
 this.defaultTrustProfile = defaultTrustProfile;
 this.spssConfigFilePath = spssConfigFilePath;
+ this.fileUtils = fileUtils;
 fallBackToSpringEnvForMoaSPSSConfigProperty();
 fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty();
 }
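Review bot: The `@Autowired` on the new `FileUtils fileUtils` constructor parameter in the second hunk is redundant and slightly misleading, because a bean with a single constructor has all its parameters injected implicitly and the core container generally ignores `@Autowired` placed on an individual parameter; plain `FileUtils fileUtils` should behave the same (the Spring version is not visible here, so confirm against the one in use). The constructor uses the field immediately through `fallBackToSpringEnvForMoaSPSSConfigProperty()`, so I would assign it with `this.fileUtils = Objects.requireNonNull(fileUtils, "fileUtils");` to fail fast when the class is built by hand in a test. A one-line comment such as `// must be set before the fallback calls below, which resolve the config path through it` would make the ordering dependency explicit.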
@@ -45,7 +50,7 @@ public class MoaSigConfig {
 log.info("value of spssConfigFilePath is {}", spssConfigFilePath);
 if(System.getProperty(MOA_SPSS_CONFIG_FILE_PROPERTY) == null) {
- var realPath = determinePath(spssConfigFilePath);
+ var realPath = fileUtils.determinePath(spssConfigFilePath);
 var realFile = new File(realPath);
 if(realFile.exists() && realFile.canRead()) {
@@ -57,15 +62,7 @@ public class MoaSigConfig {
 }
 }
- private String determinePath(String abstractPath) {
- if (new File(abstractPath).isAbsolute()) {
- return abstractPath;
- } else {
- //resolve relative path as classpath resource
- //java.lang.Class needs relative resources to start with "/"
- return this.getClass().getResource("/" + abstractPath).getFile();
- }
- }
+
 private void fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty() {
 if (System.getProperty(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY) == null) {
-- cgit v1.2.3
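Review bot: The value returned by `fileUtils.determinePath(spssConfigFilePath)` goes straight into `new File(realPath)`, so any failure mode of the moved helper now surfaces at this call. If `FileUtils.determinePath` keeps the body of the private method removed in the following hunk (its implementation is not part of this diff), a relative path that is absent from the classpath makes `getResource(...)` return null and the call throws a NullPointerException before the `realFile.exists() && realFile.canRead()` check can report the problem; `URL.getFile()` also returns a percent-encoded string, which `new File` will not resolve for paths containing spaces. This path appears to select the MOA-SPSS signature-verification configuration, so a missing file should fail with a clear, specific error rather than an NPE. In the helper I would check the URL for null and throw `FileNotFoundException(abstractPath)`, and convert with `Paths.get(url.toURI())` instead of `getFile()`. The enclosing method starts and ends outside this hunk.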